Docs: add SECURITY.md file for reporting vulnerabilities Related to #42

gelecekbilimde · Sep 19, 2024 · eab2f7d · eab2f7d
1 parent effa1e1
commit eab2f7d
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,40 @@
+# Security Policy
+
+## Supported Versions
+
+We take security seriously. Below is the list of currently supported versions of our project and their respective security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0.x   | :white_check_mark:  |
+| 0.x     | :x:                |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this project, we appreciate your responsible disclosure. To report a vulnerability, please follow these steps:
+
+1. **Do Not Disclose Publicly**  
+   Do not open a public issue regarding the vulnerability. We ask that you keep the information confidential until we can address the issue and notify our users.
+
+2. **Send a Report**  
+   You can report any vulnerabilities via email to the following contact:
+
+   **Security Team Contact**: [[email protected]](mailto:[email protected])
+
+3. **Include the Following Information**  
+   - Detailed description of the vulnerability
+   - Steps to reproduce the issue
+   - Potential impact of the vulnerability
+   - Any possible mitigations you can suggest
+
+4. **Response Time**  
+   We will respond to your report within 48 hours. After the initial assessment, we will provide you with a detailed plan to address the issue, including the timeline for a fix.
+
+5. **Acknowledgement**  
+   Once the vulnerability is resolved, we will give you credit for the responsible disclosure in our release notes, unless you prefer to remain anonymous.
+
+## Security Updates
+
+We continuously monitor and update dependencies for security patches. Please ensure you are using the latest version of our software to stay protected.
+
+---